"Every password you ever used in eve online has been stolen, please make sure to change any accounts using any of these passwords, we enjoy fuckin you"

Also for the retart tinnin... why not ask CCP for an onscreen in game keyboard to enter log in info... I mean if we need to make PW's a *****... what about keyloggers PLEASE PROTECT ME FROM KEY LOGGERS CCP.

Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature.

Greetings capsuleer,

As you may know from your pod and ship security systems no passwords are stored in clear-text. They are stored as an (ideally) irreversible hash to prevent them from being discovered. This is safer than allowing the re-use of such passwords where an attacker may obtain an older password which may not currently be valid.

If, however, a capsuleer wishes to tie their nuts to the capsule and initiate a self-destruct sequence I see no reason for CONCORD to prevent them; providing they accept this nulls and voids any claims they may have to reimbursement.

Posted - 2012.04.26 23:38:00 -
[11] - Quote
This will be reviewed when we institute the two factor option in the next couple of months."Sreegs has juuust edged out Soundwave as my favourite dev." - Meita Way 2012

Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature.

Greetings capsuleer,...If, however, a capsuleer wishes to tie their nuts to the capsule and initiate a self-destruct sequence I see no reason for CONCORD to prevent them; providing they accept this nulls and voids any claims they may have to reimbursement.

Regards,

Shian Yang

I have both null and void in my cargo hold... how does this effect things?

Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature.

Greetings capsuleer,

As you may know from your pod and ship security systems no passwords are stored in clear-text. They are stored as an (ideally) irreversible hash to prevent them from being discovered. This is safer than allowing the re-use of such passwords where an attacker may obtain an older password which may not currently be valid.

If, however, a capsuleer wishes to tie their nuts to the capsule and initiate a self-destruct sequence I see no reason for CONCORD to prevent them; providing they accept this nulls and voids any claims they may have to reimbursement.

Regards,

Shian Yang

Congratulations on giving CCP the benefit of the doubt on their handling of passwords. Certainly their attention to detail in the past is cause for such fiath in their coding skills.

Posted - 2012.04.27 00:48:00 -
[17] - Quote
The reason this is a security feature is simple, they aren't storing your password. (Unless they're actually that ********, which I doubt.)

They're storing an encrypted version of your password, which is virtually useless.

They're are ways of cracking these things, however, your concerns would be very misplaced to worry about that. Especially if you're the type of person who reuses passwords.I usally write one of these and then change it a month later when I reread it and decide it sounds stupid.

Please remove the security feature you put in place to ensure I don't do something to compromise my account.

Many Thanks

Some Dumb Pubbie

Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature.

MMOs aren't being hacked, computers are getting infected from people clicking "yes" on everything that pops-up.

Storing an old hash isn't really a security issue, but I don't agree with forcing the end user to not use an old password. That should be up to the user.

Personally, I like to use SHA512(Password+Salt), where and password is the byte array of the password string and the salt is a 16byte crypto strength random value. Maybe I should use a 32byte salt?... hmmm... So much CPU power these days.

Please remove the security feature you put in place to ensure I don't do something to compromise my account.

Many Thanks

Some Dumb Pubbie

Given the rate at which MMOs are being hacked I wouldn't call them storing anything a security feature.

MMOs aren't being hacked, computers are getting infected from people clicking "yes" on everything that pops-up.

Storing an old hash isn't really a security issue, but I don't agree with forcing the end user to not use an old password. That should be up to the user.

Personally, I like to use SHA512(Password+Salt), where and password is the byte array of the password string and the salt is a 16byte crypto strength random value. Maybe I should use a 32byte salt?... hmmm... So much CPU power these days.

You're wrong.

Trion, Blizzard, Cryptic and Sony have all had their Core DBs hacked.

Not the client infected with a Trojan, but their databases have been hacked and dumped.

Posted - 2012.04.27 08:06:00 -
[25] - Quote
l2F-qsiQa = bad password (because you have to write it down, and it's too few characters)MyHorseIsActuallyAPony = retardedly good password (Long and makes no sense, so not in a dictionary, and you already remembered it for at least a few days just by reading it now)

Changing passwords often = bad (because you make short ones to remember them, and after a while you start writing them down)

Posted - 2012.04.27 08:15:00 -
[28] - Quote
To emphasize. "MyHorseIsActuallyAPony" takes 9.1804 +y 10^41 Years to solve with a dictionary attack. that's over 900.000.000.000.000.000.000.000.000.000.000.000.000.000 years. Good luck with that

COPYRIGHT NOTICEEVE Online, the EVE logo, EVE and all associated logos and designs are the intellectual property of CCP hf. All artwork, screenshots, characters, vehicles, storylines, world facts or other recognizable features of the intellectual property relating to these trademarks are likewise the intellectual property of CCP hf. EVE Online and the EVE logo are the registered trademarks of CCP hf. All rights are reserved worldwide. All other trademarks are the property of their respective owners. CCP hf. has granted permission to EVE-Search.com to use EVE Online and all associated logos and designs for promotional and information purposes on its website but does not endorse, and is not in any way affiliated with, EVE-Search.com. CCP is in no way responsible for the content on or functioning of this website, nor can it be liable for any damage arising from the use of this website.